diff --git a/charts/c3os-crds/Chart.yaml b/charts/c3os-crds/Chart.yaml
index 7a51268..8733c36 100644
--- a/charts/c3os-crds/Chart.yaml
+++ b/charts/c3os-crds/Chart.yaml
@@ -7,4 +7,4 @@ home: https://docs.c3os.io/
 maintainers:
 - name: Ettore Di Giacinto
 email: mudler@c3os.io
-version: 0.0.1
\ No newline at end of file
+version: 0.0.2
\ No newline at end of file
diff --git a/charts/osbuilder/Chart.yaml b/charts/osbuilder/Chart.yaml
new file mode 100644
index 0000000..0b564d3
--- /dev/null
+++ b/charts/osbuilder/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: osbuilder
+description: A Helm chart for osbuilder
+icon:
+type: application
+home: https://docs.c3os.io/
+maintainers:
+- name: Ettore Di Giacinto
+ email: mudler@c3os.io
+version: 0.0.1
\ No newline at end of file
diff --git a/charts/osbuilder/templates/_helpers.tpl b/charts/osbuilder/templates/_helpers.tpl
new file mode 100644
index 0000000..2583e11
--- /dev/null
+++ b/charts/osbuilder/templates/_helpers.tpl
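Review bot: The new charts/osbuilder/Chart.yaml declares no `appVersion`, yet deployment.yaml in this commit falls back to `.Chart.AppVersion` for the manager image tag and _helpers.tpl reads it for the `app.kubernetes.io/version` label. If `image.tag` is left empty, as the values.yaml comment invites, the image reference would render with an empty tag. Adding a line such as `appVersion: "RELEASE_TAG_PLACEHOLDER"` (set to the osbuilder release this chart ships) gives the fallback a fixed, auditable image version. The bare `icon:` key parses as null and could be dropped until an icon URL exists.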
@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm-chart.labels" -}}
+helm.sh/chart: {{ include "helm-chart.chart" . }}
+{{ include "helm-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm-chart.serviceAccountName" -}}
+{{- include "helm-chart.fullname" . }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/osbuilder/templates/configmap.yaml b/charts/osbuilder/templates/configmap.yaml
new file mode 100644
index 0000000..f4c0434
--- /dev/null
+++ b/charts/osbuilder/templates/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+data:
+ controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
+ ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
+ \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
+ true\n resourceName: 98ca89ca.c3os-x.io\n# leaderElectionReleaseOnCancel
+ defines if the leader should step down volume \n# when the Manager ends.
+ This requires the binary to immediately end when the\n# Manager is stopped,
+ otherwise, this setting is unsafe. Setting this significantly\n# speeds
+ up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
+ time first.\n# In the default scaffold provided, the program ends immediately
+ after \n# the manager stops, so would be fine to enable this option. However,
+ \n# if you are doing or is intended to do any operation such as perform
+ cleanups \n# after the manager stops then its usage might be unsafe.\n#
+ \ leaderElectionReleaseOnCancel: true\n"
+kind: ConfigMap
+metadata:
+ name: osartifactbuilder-operator-manager-config
+ namespace: '{{.Release.Namespace}}'
diff --git a/charts/osbuilder/templates/deployment.yaml b/charts/osbuilder/templates/deployment.yaml
new file mode 100644
index 0000000..61db9a8
--- /dev/null
+++ b/charts/osbuilder/templates/deployment.yaml
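Review bot: Nothing in this commit consumes `osartifactbuilder-operator-manager-config`: deployment.yaml defines no volumes and instead passes `--health-probe-bind-address`, `--metrics-bind-address` and `--leader-elect` as arguments. As shipped the ConfigMap appears inert, so someone editing `bindAddress` here would see no effect while believing the metrics listener had changed. Either mount it and hand it to the manager, or drop the template; if it stays, a leading comment such as `# not consumed by the Deployment; the flags in deployment.yaml are authoritative` would prevent that confusion. The name is also fixed rather than derived from `helm-chart.fullname`, so two releases in one namespace would collide on it.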
@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: '{{ include "helm-chart.fullname" . }}'
+ namespace: '{{.Release.Namespace}}'
+ labels:
+ {{- include "helm-chart.labels" . | nindent 8 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "helm-chart.selectorLabels" . | nindent 10 }}
+ template:
+ metadata:
+ annotations:
+ {{- range keys .Values.podAnnotations }}
+ {{ . | quote }}: {{ get $.Values.podAnnotations . | quote}}
+ {{- end }}
+ labels:
+ {{- include "helm-chart.selectorLabels" . | nindent 14}}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ image: '{{ .Values.image.repository | default "quay.io/c3os/osbuilder" }}:{{ .Values.image.tag | default .Chart.AppVersion
+ }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ {{- if and .Values.resources .Values.resources.controller }}
+ resources:
+{{ toYaml .Values.resources.controller | indent 20 }}
+ {{- end }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: '{{ include "helm-chart.serviceAccountName" . }}'
+ terminationGracePeriodSeconds: 10
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/osbuilder/templates/rbac.yaml b/charts/osbuilder/templates/rbac.yaml
new file mode 100644
index 0000000..f30ecc4
--- /dev/null
+++ b/charts/osbuilder/templates/rbac.yaml
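Review bot: Both containers in deployment.yaml set only `allowPrivilegeEscalation: false`, which leaves the runtime's default capability set and seccomp profile in place for a controller whose service account is bound to cluster-wide RBAC. Consider adding `capabilities: {drop: ["ALL"]}` to each container `securityContext` and `seccompProfile: {type: RuntimeDefault}` to the pod-level one next to `runAsNonRoot: true`. The kube-rbac-proxy image is hard-coded by tag (`v0.11.0`) with no values override, so it cannot be digest-pinned or pointed at an internal mirror without editing the template; exposing it under `.Values` would allow that.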
@@ -0,0 +1,160 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: osartifactbuilder-operator-leader-election-role
+ namespace: '{{.Release.Namespace}}'
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: osartifactbuilder-operator-manager-role
+rules:
+ - apiGroups:
+ - build.c3os-x.io
+ resources:
+ - osartifacts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - build.c3os-x.io
+ resources:
+ - osartifacts/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - build.c3os-x.io
+ resources:
+ - osartifacts/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - build.c3os-x.io
+ resources:
+ - osartifacts/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - configmaps
+ verbs:
+ - get
+ - create
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - create
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: osartifactbuilder-operator-metrics-reader
+rules:
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: osartifactbuilder-operator-proxy-role
+rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: osartifactbuilder-operator-leader-election-rolebinding
+ namespace: '{{.Release.Namespace}}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: osartifactbuilder-operator-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "helm-chart.serviceAccountName" . }}'
+ namespace: '{{.Release.Namespace}}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: osartifactbuilder-operator-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: osartifactbuilder-operator-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "helm-chart.serviceAccountName" . }}'
+ namespace: '{{.Release.Namespace}}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: osartifactbuilder-operator-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: osartifactbuilder-operator-proxy-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "helm-chart.serviceAccountName" . }}'
+ namespace: '{{.Release.Namespace}}'
diff --git a/charts/osbuilder/templates/service.yaml b/charts/osbuilder/templates/service.yaml
new file mode 100644
index 0000000..d83f075
--- /dev/null
+++ b/charts/osbuilder/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: '{{ include "helm-chart.fullname" . }}-metrics-service'
+ namespace: '{{.Release.Namespace}}'
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ {{- include "helm-chart.selectorLabels" . | nindent 6 }}
\ No newline at end of file
diff --git a/charts/osbuilder/templates/serviceaccount.yaml b/charts/osbuilder/templates/serviceaccount.yaml
new file mode 100644
index 0000000..c4fc9da
--- /dev/null
+++ b/charts/osbuilder/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: '{{ include "helm-chart.serviceAccountName" . }}'
+ namespace: '{{.Release.Namespace}}'
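Review bot: In rbac.yaml, `osartifactbuilder-operator-manager-role` is a ClusterRole attached through a ClusterRoleBinding, so its `get`/`create`/`update` rules on `deployments`, `services` and `configmaps` apply in every namespace rather than only where builds run. A compromised controller token would then reach workloads and configuration well outside the operator's own scope. If OSArtifact builds are confined to known namespaces (not determinable from this diff), move those two rules into a namespaced Role and RoleBinding and keep the ClusterRole for the `build.c3os-x.io` resources only. The `osartifacts/finalizers` rule also appears twice in the same ClusterRole; one copy can be removed.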
diff --git a/charts/osbuilder/values.yaml b/charts/osbuilder/values.yaml
new file mode 100644
index 0000000..4447a02
--- /dev/null
+++ b/charts/osbuilder/values.yaml
@@ -0,0 +1,45 @@
+
+# Settings for the chart.
+
+# nameOverride Replaces the release name of the chart in Chart.yaml file when
+# this is used to construct Kubernetes object names
+nameOverride: ""
+# fullnameOverride completely replaces the generated release name
+fullnameOverride: ""
+
+# Secrets to pull container images from private registries
+imagePullSecrets: []
+
+image:
+ # controller image to be used. Leave empty to use
+ repository: ""
+ # image tag, leave empty to use chart's AppVersion
+ tag: "latest"
+
+podAnnotations: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+tls:
+ # source options:
+ # - "cert-manager-self-signed": Scaffold cert-manager integration, and create
+ # a self-signed certificate with a cert-manager self-signed Issuer. Depends
+ # on cert-manager. (default)
+ # - "cert-manager": Scafffold cert-manager integration. User configures their
+ # own Issuer. Depends on cert-manager. Set tls.certManagerIssuerName to the
+ # desired Issuer.
+ source: cert-manager-self-signed
+ # "cert-manager"-only options:
+ certManagerIssuerName: ""
+
+## Resource limits & requests
+## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ controller:
+ limits:
+ cpu: 500m
+ memory: 50Mi
+ requests:
+ cpu: 250m
+ memory: 50Mi
\ No newline at end of file
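Review bot: The default `tag: "latest"` in values.yaml contradicts the comment directly above it ("leave empty to use chart's AppVersion") and means each install or pod restart may pull whatever the registry currently serves under that tag. Defaulting to a fixed release tag or a digest keeps the running controller image reproducible and reviewable. The `tls` block (`source`, `certManagerIssuerName`) is not read by any template in this commit, so it configures nothing yet; a comment saying so, or holding it back until the cert-manager templates exist, avoids implying that TLS is being managed. The `repository` comment is cut off after "Leave empty to use"; per deployment.yaml the fallback is `quay.io/c3os/osbuilder`.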